Your message dated Sat, 12 Mar 2022 22:35:23 +0000 with message-id <E1nTAKZ-000Iy3-4n@fasolo.debian.org> and subject line Bug#990246: fixed in vlc 3.0.17-1 has caused the Debian Bug report #990246, regarding vlc: reproducible builds: Embeds build username and hostname in binaries to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 990246: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990246 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: vlc: reproducible builds: Embeds build username and hostname in binaries
- From: Vagrant Cascadian <vagrant@reproducible-builds.org>
- Date: Wed, 23 Jun 2021 13:16:47 -0700
- Message-id: <87fsx8s5e8.fsf@yucca>
Source: vlc Severity: normal Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: username hostname X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org The build username and build system hostname are embedded in binaries shipped in vlc: https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/vlc.html ./usr/lib/x86_64-linux-gnu/libvlccore.so.9.0.0 pbuilder1 vs. pbuilder2 ionos11-amd64 vs. i-capture-the-hostname The attached patch fixes this by setting VLC_COMPILE_BY and VLC_COMPILE_HOST to empty values in configure.ac. This patch does not address all reproducibility issues in vlc (e.g. build paths), though applying it reduces the diff for the remaining issues. Thanks for maintaining vlc! live well, vagrantFrom 01e2dcc51b31f1a06bcd07faa0ae3fbd0ddbe9c6 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagrant@reproducible-builds.org> Date: Wed, 23 Jun 2021 19:33:47 +0000 Subject: [PATCH 1/3] Disable embedding the build hostname and username in the binaries. https://tests.reproducible-builds.org/debian/issues/user_hostname_manually_added_requiring_further_investigation_issue.html --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 7db5256a8..5d6324cf9 100644 --- a/configure.ac +++ b/configure.ac @@ -4324,8 +4324,8 @@ AC_SUBST(VERSION_MINOR) AC_SUBST(VERSION_REVISION) AC_SUBST(VERSION_EXTRA) AC_SUBST(COPYRIGHT_YEARS) -AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "`whoami|sed -e 's/\\\/\\\\\\\/g'`", [user who ran configure]) -AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "`hostname -f 2>/dev/null || hostname`", [host which ran configure]) +AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "", [user who ran configure]) +AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "", [host which ran configure]) AC_DEFINE_UNQUOTED(VLC_COMPILER, "`$CC -v 2>&1 | tail -n 1 | sed -e 's/ *$//'`", [compiler]) dnl dnl Handle substvars that use $(top_srcdir) -- 2.32.0Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 990246-close@bugs.debian.org
- Subject: Bug#990246: fixed in vlc 3.0.17-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 12 Mar 2022 22:35:23 +0000
- Message-id: <E1nTAKZ-000Iy3-4n@fasolo.debian.org>
- Reply-to: Sebastian Ramacher <sramacher@debian.org>
Source: vlc Source-Version: 3.0.17-1 Done: Sebastian Ramacher <sramacher@debian.org> We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990246@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 12 Mar 2022 20:40:54 +0100 Source: vlc Architecture: source Version: 3.0.17-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Sebastian Ramacher <sramacher@debian.org> Closes: 990246 1004584 Changes: vlc (3.0.17-1) unstable; urgency=medium . * New upstream version 3.0.17 - Fix build with ffmpeg 5.0 (Closes: #1004584) * debian/control: - Switch to libidn-dev - Bump BD on libopenmpt-modplug-dev - Bump Standards-Version * debian/copyright: - Add missing text to BSD-2-clause - Update copyright for 3.0.17 * debian/patches: Refresh patches * debian/rules: Set VLC_COMPILE_BY and VLC_COMPILE_HOST (Closes: #990246) * debian/: Update lintian override Checksums-Sha1: 2009fa1361d9e43bd5076c026b43be2272f701e3 6309 vlc_3.0.17-1.dsc 0c8ab67be1989ce9d4e5c4d377f5740c00f53d29 26391800 vlc_3.0.17.orig.tar.xz 0ebd0704ea5a4fd2262cbb3c1af212eb3f278675 195 vlc_3.0.17.orig.tar.xz.asc 1a37a1783c611de0da2c1327c43220ff92b5956c 65024 vlc_3.0.17-1.debian.tar.xz Checksums-Sha256: b5aa2c1124147f3943f43cfd4628572468b1f8bd12cd52973c57a5774d49483d 6309 vlc_3.0.17-1.dsc 48bd9bf337aa107a1524eba57c52dc4a91e29f5a97fbdee92f6a4dba90383cd0 26391800 vlc_3.0.17.orig.tar.xz 1a7c5ffa348956a0734c5bf91362c6e0c12188e5d2df42a25419a3476dffffc4 195 vlc_3.0.17.orig.tar.xz.asc 46e1f992d196ec596009704038c6a8113dc7d403820597d70823069f48a34990 65024 vlc_3.0.17-1.debian.tar.xz Files: badec10f80b8f5733e93540ea46d362d 6309 video optional vlc_3.0.17-1.dsc 42c12ac468a393250ef798e740a42796 26391800 video optional vlc_3.0.17.orig.tar.xz 2e262873c71335a341fba445bb06b93b 195 video optional vlc_3.0.17.orig.tar.xz.asc d4dbf765657eebd7dc22885c7e978f85 65024 video optional vlc_3.0.17-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmItH1oACgkQafL8UW6n GZME9xAAubJLkwBepRLBR4ABTy/qdUko+Tl+HJCAncfXEdkvukOBkKdSklUQzWAG 2UOJgqUDbcqIijdQHFrR/iNPaoxb6E8W5cyDUV84gUorEoxHNDQ6S1b8rrXgRdmd 2dLcFxlSnJ37eTS8IBCDcw8IyLO1/bmLpxOw39owksJMwjUUtTKbK0RdTc6gKWxB fIpnyIc5BfxX6+2s81UhArsJLRa8IVvKZTqSunaB/JHPPpJqOobU48Sjguq5FqYu onYtfQtygQkI1R5SfmgzTQfpuv/B65oyM62sMuarIfeIbQKh8An3qx75S4HRjfQY d/Ad6RZVTyoArvUcyHxaP/Udecmpo0mgMRokVpVzLVajyt5JGDEr3qsCcfvA07UL 8/nh/vDxljhlt1zDRDO22AEFHhkIjxj0eHmjLmNdWL2wGc9brxGWvEp3XKkm3siR GJ3rtRkP/RAdLBupTKWTSt9w4QHmsdYS/r+abm0eYFl9duCyp3nJ5OiOzz9t8Kig tEmWi/ku1tsHOA7m3jULKcO1DrU+Gow8chAZi43vyHAcZBy4QyRxHEcF1SpoTxVX ssAPJ5VuIHLYXT6eu+sQrIbrjMN5LdyJiQNOT8A8/ji+hKApfX4QQoZxMU6HweEY Jyk89kHLQxxx7fFb4r43AxaLXufullw9LTxaSzpSxe80FvHTCA0= =bN1U -----END PGP SIGNATURE-----
--- End Message ---